D
Posture
microsoft.com
Microsoft · MSFT · Information Technology
● 11 live hosts 12 subdomains Scanned 2026-06-20
Ranks in the 44th percentile of 478 scanned peers for proactive management of its public-facing digital surface.
A B C D F Graded relative to peers — A = top 10%  ·  F = bottom 20%
D
CVE Exposure45% weight
28.4 severity-weighted CVEs per live host · 30th percentile
A
Lower-Env Protection30% weight
100% of non-prod hosts access-controlled · 93th percentile
D
Security Headers25% weight
42% security-header coverage · 31th percentile
Vulnerability Exposure — version-matched CVEs
7 Critical
24 High
57 Medium
2 Low
Technology Stack — 7 detected
jQuery 14C
JavaScript Library v1.9.1
Adobe Experience Manager
CMS
Cloudflare
CDN
D3.js
JavaScript Library
Fastly
CDN
Foundation
CSS Framework
LinkedIn Insight
Advertising
Top CVEs by Severity
CVE IDSeverityCVSSTechnologyDescription
CVE-2018-9206 CRITICAL 9.8 jQuery
v1.9.1
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVE-2018-9208 CRITICAL 9.8 jQuery
v1.9.1
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
CVE-2018-9207 CRITICAL 9.8 jQuery
v1.9.1
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2020-26629 CRITICAL 9.8 jQuery
v1.9.1
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated …
CVE-2015-10138 CRITICAL 9.8 jQuery
v1.9.1
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery…
+ 91 more CVEs in the full graph explorer.
Lower-Environment Protection — access control on non-production hosts
A
Access
100% of 1 non-production host are access-controlled — better than 93% of 261 scanned peers.
● 1 gated
ppe.supportabilityhub.microsoft.comgated
DNS visibility is not penalised — only whether a non-prod host serves its application openly (exposed) or sits behind a network filter, auth challenge, SSO, or mutual TLS (gated).
Live Subdomains — 11 shown
account.microsoft.comauto-weseurhp-pbi-kv-httpszone74.z74.w.api.fabric.microsoft.comauto-weudp-pbi-kv-httpszone27.z27.w.api.fabric.microsoft.comemails.microsoft.comeu.icp.ids.api.iris.microsoft.comgo.microsoft.cominfo.microsoft.commicrosoft.comppe.supportabilityhub.microsoft.comprivacy.microsoft.comsupport.microsoft.com
All 96 CVEs, every host, every port — in one map
The graph explorer connects every subdomain, technology, and CVE into an interactive map — updated continuously as infrastructure changes.
Continuous scanning Version-accurate CVE matching Interactive graph explorer Corporate ecosystem tracking
Open Graph Explorer →